First published: Mon Jan 31 2022(Updated: )
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Emlog Emlog | =1.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23872 is a stored cross-site scripting (XSS) vulnerability in Emlog pro v1.1.1.
The severity of CVE-2022-23872 is medium with a CVSS score of 4.8.
CVE-2022-23872 can be exploited by injecting malicious code into the footer_info parameter in the /admin/configure.php component of Emlog pro v1.1.1.
Yes, a fix for CVE-2022-23872 is available. Users should update to a patched version of Emlog pro.
More information about CVE-2022-23872 can be found at the following references: [https://github.com/emlog/emlog/issues/147](https://github.com/emlog/emlog/issues/147) and [https://github.com/truonghuuphuc/CVE](https://github.com/truonghuuphuc/CVE).